Fix Hardcoded PBE Password

Asked Feb 28 '19 at 15:22

Active Feb 28 '19 at 15:22

Viewed 632 times

We have been using Fortify tool to check for security vulnerabilities, Key Management: Hardcoded PBE Password issue giving hard time to fix.

Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 
0x49, 0x76,0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });

AND

using (var password = new Rfc2898DeriveBytes(PassPhrase, saltStringBytes, DerivationIterations))

I get StringCipher Class from this link Encrypting & Decrypting a String in C#

asked Feb 28 '19 at 15:22

shady youssery

Did you try converting to string using Encoding? string results = Encoding.UTF8.GetString(login); where login is a byte[]. – jdweng Feb 28 '19 at 15:40
@jdweng the issue not in convert but in using Rfc2898DeriveBytes – shady youssery Mar 03 '19 at 07:28
See rmalayter answer : https://crypto.stackexchange.com/questions/47517/is-pbkdf2-rfc-2898-broken-because-sha1-is-broken – jdweng Mar 03 '19 at 08:15

Fix Hardcoded PBE Password

0 Answers0